* LDAP/Univention: periodic account-import for Univention (mailPrimaryAddress), use LDAP account-filter for reading accounts too
also set chunk-size for reading to 500; it was somehow 5, probably left over from debugging
parent
fdb41a2276
commit
4136150cdb
@ -59,7 +59,7 @@ class Import
|
|||||||
$GLOBALS['egw_info']['server'] += Api\Config::read('phpgwapi');
|
$GLOBALS['egw_info']['server'] += Api\Config::read('phpgwapi');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!in_array($source = $GLOBALS['egw_info']['server']['account_import_source'], ['ldap', 'ads']))
|
if (!in_array($source = $GLOBALS['egw_info']['server']['account_import_source'], ['ldap', 'ads', 'univention']))
|
||||||
{
|
{
|
||||||
throw new \InvalidArgumentException("Invalid account_import_source='{$GLOBALS['egw_info']['server']['account_import_source']}'!");
|
throw new \InvalidArgumentException("Invalid account_import_source='{$GLOBALS['egw_info']['server']['account_import_source']}'!");
|
||||||
}
|
}
|
||||||
@ -154,7 +154,7 @@ class Import
|
|||||||
{
|
{
|
||||||
try {
|
try {
|
||||||
// determine from where we migrate to what
|
// determine from where we migrate to what
|
||||||
if (!in_array($source = $GLOBALS['egw_info']['server']['account_import_source'], ['ldap', 'ads']))
|
if (!in_array($source = $GLOBALS['egw_info']['server']['account_import_source'], ['ldap', 'ads', 'univention']))
|
||||||
{
|
{
|
||||||
throw new \InvalidArgumentException("Invalid account_import_source='{$GLOBALS['egw_info']['server']['account_import_source']}'!");
|
throw new \InvalidArgumentException("Invalid account_import_source='{$GLOBALS['egw_info']['server']['account_import_source']}'!");
|
||||||
}
|
}
|
||||||
@ -168,7 +168,7 @@ class Import
|
|||||||
}
|
}
|
||||||
if (!$initial_import && empty($GLOBALS['egw_info']['server']['account_import_lastrun']))
|
if (!$initial_import && empty($GLOBALS['egw_info']['server']['account_import_lastrun']))
|
||||||
{
|
{
|
||||||
throw new \InvalidArgumentException(lang("You need to run the inital import first!"));
|
throw new \InvalidArgumentException(lang("You need to run the initial import first!"));
|
||||||
}
|
}
|
||||||
|
|
||||||
Api\Accounts::cache_invalidate(); // to not get any cached data eg. from the wrong backend
|
Api\Accounts::cache_invalidate(); // to not get any cached data eg. from the wrong backend
|
||||||
@ -215,7 +215,7 @@ class Import
|
|||||||
$last_modified = null;
|
$last_modified = null;
|
||||||
$start_import = time();
|
$start_import = time();
|
||||||
$cookie = '';
|
$cookie = '';
|
||||||
$start = ['', 5, &$cookie]; // cookie must be a reference!
|
$start = ['', 500, &$cookie]; // cookie must be a reference!
|
||||||
do
|
do
|
||||||
{
|
{
|
||||||
foreach ($this->contacts->search('', false, '', 'account_lid', '', '', 'AND', $start, $filter) as $contact)
|
foreach ($this->contacts->search('', false, '', 'account_lid', '', '', 'AND', $start, $filter) as $contact)
|
||||||
@ -402,7 +402,7 @@ class Import
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
// if requested, also set memberships
|
// if requested, also set memberships
|
||||||
if ($type === 'users+groups' && !$dry_run)
|
if (in_array('groups', explode('+', $type)) && !$dry_run)
|
||||||
{
|
{
|
||||||
// LDAP backend does not query it automatic
|
// LDAP backend does not query it automatic
|
||||||
if (!isset($account['memberships']))
|
if (!isset($account['memberships']))
|
||||||
@ -884,9 +884,14 @@ class Import
|
|||||||
{
|
{
|
||||||
if (!($account = $this->accounts->read($ldap_id)))
|
if (!($account = $this->accounts->read($ldap_id)))
|
||||||
{
|
{
|
||||||
$this->logger("Failed reading user '$account_lid' (#$ldap_id) from LDAP, maybe he is not contained in filter --> ignored", 'detail');
|
$this->logger("Failed reading user '$account_lid' (#$ldap_id) from LDAP to set as member of group '$group', maybe he is not contained in filter --> ignored", 'detail');
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
// LDAP backend does not query it automatic
|
||||||
|
if (!isset($account['memberships']))
|
||||||
|
{
|
||||||
|
$account['memberships'] = $this->accounts->memberships($ldap_id);
|
||||||
|
}
|
||||||
if (!($contact = $this->contacts->read($account['person_id'])))
|
if (!($contact = $this->contacts->read($account['person_id'])))
|
||||||
{
|
{
|
||||||
$this->logger("Error reading contact-data of user '$account_lid' (#$ldap_id)", 'error');
|
$this->logger("Error reading contact-data of user '$account_lid' (#$ldap_id)", 'error');
|
||||||
@ -926,11 +931,11 @@ class Import
|
|||||||
$this->accounts_sql->set_memberships(array_filter(array_map(function($account_lid)
|
$this->accounts_sql->set_memberships(array_filter(array_map(function($account_lid)
|
||||||
{
|
{
|
||||||
return $this->accounts_sql->name2id($account_lid);
|
return $this->accounts_sql->name2id($account_lid);
|
||||||
}, $account['memberships'])), $sql_account['account_id']);
|
}, $account['memberships'] ?? [])), $sql_account['account_id']);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
if (!($memberships = $this->accounts_sql->memberships($account_id)))
|
if (($memberships = $this->accounts_sql->memberships($account_id)) === false)
|
||||||
{
|
{
|
||||||
$this->logger("Error reading memberships of (existing) user '$account_lid' (#$account_id)!", 'error');
|
$this->logger("Error reading memberships of (existing) user '$account_lid' (#$account_id)!", 'error');
|
||||||
$errors++;
|
$errors++;
|
||||||
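Review bot: A failed LDAP membership read is not handled in the block added after `$this->accounts->read($ldap_id)`, which stores the result of `$this->accounts->memberships($ldap_id)` without checking it. The same commit tests `accounts_sql->memberships()` against `=== false`, so the LDAP call can presumably return `false` too. The new `$account['memberships'] ?? []` only replaces `null`, so a `false` would still reach `array_map()`, while a missing key makes `set_memberships()` receive an empty list and presumably drop the user's existing groups. Since group membership drives access rights, a read failure should be logged and the user skipped, e.g. `if (($account['memberships'] = $this->accounts->memberships($ldap_id)) === false) { $this->logger("Error reading memberships of user '$account_lid' (#$ldap_id) from LDAP", 'error'); continue; }`. The enclosing methods start and end outside the visible hunks, so whether both hunks share one code path could not be confirmed.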
|
@ -555,7 +555,10 @@ class Ldap
|
|||||||
*/
|
*/
|
||||||
protected function _read_user($account_id)
|
protected function _read_user($account_id)
|
||||||
{
|
{
|
||||||
$sri = ldap_search($this->ds, $this->user_context, '(&(objectclass=posixAccount)(uidnumber=' . (int)$account_id.'))',
|
// add account_filter to filter (user has to be '*', as we otherwise only search uid's)
|
||||||
|
$account_filter = str_replace(array('%user', '%domain'), array('*', $GLOBALS['egw_info']['user']['domain']), $this->account_filter);
|
||||||
|
|
||||||
|
$sri = ldap_search($this->ds, $this->user_context, '(&(objectclass=posixAccount)(uidnumber=' . (int)$account_id.")$account_filter)",
|
||||||
array('dn','uidnumber','uid','gidnumber','givenname','sn','cn',static::MAIL_ATTR,'userpassword','telephonenumber',
|
array('dn','uidnumber','uid','gidnumber','givenname','sn','cn',static::MAIL_ATTR,'userpassword','telephonenumber',
|
||||||
'shadowexpire','shadowlastchange','homedirectory','loginshell','createtimestamp','modifytimestamp'));
|
'shadowexpire','shadowlastchange','homedirectory','loginshell','createtimestamp','modifytimestamp'));
|
||||||
|
|
||||||
@ -582,7 +585,7 @@ class Ldap
|
|||||||
// both status and expires are encoded in the single shadowexpire value in LDAP
|
// both status and expires are encoded in the single shadowexpire value in LDAP
|
||||||
// - if it's unset an account is enabled AND does never expire
|
// - if it's unset an account is enabled AND does never expire
|
||||||
// - if it's set to 0, the account is disabled
|
// - if it's set to 0, the account is disabled
|
||||||
// - if it's set to > 0, it will or already has expired --> acount is active if it not yet expired
|
// - if it's set to > 0, it will or already has expired --> account is active if it not yet expired
|
||||||
// shadowexpire is in days since 1970/01/01 (equivalent to a timestamp (int UTC!) / (24*60*60)
|
// shadowexpire is in days since 1970/01/01 (equivalent to a timestamp (int UTC!) / (24*60*60)
|
||||||
'account_status' => isset($data['shadowexpire']) && $data['shadowexpire'][0]*24*3600+$utc_diff < time() ? false : 'A',
|
'account_status' => isset($data['shadowexpire']) && $data['shadowexpire'][0]*24*3600+$utc_diff < time() ? false : 'A',
|
||||||
'account_expires' => isset($data['shadowexpire']) && $data['shadowexpire'][0] ? $data['shadowexpire'][0]*24*3600+$utc_diff : -1, // LDAP date is in UTC
|
'account_expires' => isset($data['shadowexpire']) && $data['shadowexpire'][0] ? $data['shadowexpire'][0]*24*3600+$utc_diff : -1, // LDAP date is in UTC
|
||||||
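Review bot: The `%domain` substitution in `_read_user()` puts `$GLOBALS['egw_info']['user']['domain']` into the search filter unescaped, so any filter metacharacter in that value (`*`, `(`, `)`, `\`) changes the query that decides which account is read. Where the domain originates is not visible here; if it can derive from a login name it should be escaped before `str_replace()`, e.g. `ldap_escape($GLOBALS['egw_info']['user']['domain'] ?? '', '', LDAP_ESCAPE_FILTER)`. The value may also be unset when the periodic import runs without a user session, and an empty or unparenthesised `$this->account_filter` would leave a malformed filter, so both cases deserve a guard and a short comment stating the expected filter shape. The function body continues outside the hunk.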
|
@ -464,6 +464,7 @@
|
|||||||
<select name="newsettings[account_import_source]">
|
<select name="newsettings[account_import_source]">
|
||||||
<option value="ads" {selected_account_import_source_ads}>ADS</option>
|
<option value="ads" {selected_account_import_source_ads}>ADS</option>
|
||||||
<option value="ldap" {selected_account_import_source_ldap}>LDAP</option>
|
<option value="ldap" {selected_account_import_source_ldap}>LDAP</option>
|
||||||
|
<option value="univention" {selected_account_import_source_univention}>Univention (LDAP)</option>
|
||||||
</select>
|
</select>
|
||||||
</td>
|
</td>
|
||||||
</tr>
|
</tr>
|
||||||
|